This content is submitted by a BigAdmin user. It has not been reviewed for technical accuracy by Sun Microsystems, though it may have been lightly edited to improve readability. If you find an error or would like to comment on the article, please contact the submitter or use the comment field at the bottom of the article.
Using ssh to Access Logical Nodes in a Cluster Environment
Alec Effrat, October 2007
This tech tip provides an example of how to avoid problems when using ssh on a logical node, as well as when using automatic authentication. This applies to any type of UNIX with any kind of failover, but it's known to work in the Solaris 8, 9, and 10 releases, and it can apply to Sun Cluster 3.0 and 3.1.
Preparing the known_hosts File
1. Prepare a known hosts file.
This file must list, for every logical name, each physical node on which that name can exist.
There are many ways to achieve this.
Below is my method:
noclusterserver,163.194.64.206 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAwGECDeaCfKa0WZIixClweb...=
nodewest,163.194.0.245,163.194.0.246,logical1,163.194.0.247,logical2 ssh-rsa AAAAB3NzaC1yc2EAAAABIwest...= root@nodewest
nodeeast,163.194.0.244,163.194.0.246,logical1,163.194.0.247,logical2 ssh-rsa AAAAB3NzaC1yc2EAAAABIeast...= root@nodeeast
... more entries for more nodes ...
Note that the logical IPs and names are simply repeated for each physical node.
2. Place this file into /etc/ssh/ssh_known_hosts on each node.
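One way to check the file before distributing it, as an added example that is not part of the original tip: the function below reports any physical node whose line lacks one of the logical names or IPs, which is the gap that makes ssh report a changed host key after a failover. The function names and sample keys are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original tip. Function names are hypothetical.
# usage: check_logical_coverage FILE "node1 node2" "logical1 163.194.0.246 ..."
# FILE may be "-" for stdin. Prints one line per gap and returns 1 if any exist.
# Assumes plain (unhashed) entries with no @marker in front of the host list.
check_logical_coverage() {
    awk -v nodes="$2" -v logicals="$3" '
    BEGIN { nn = split(nodes, N, " "); nl = split(logicals, L, " ") }
    /^[ \t]*#/ || /^[ \t]*$/ { next }    # skip comments and blank lines
    {
        nh = split($1, H, ",")           # field 1 is the comma-separated host list
        for (i = 1; i <= nn; i++) {
            found = 0
            for (j = 1; j <= nh; j++) if (H[j] == N[i]) found = 1
            if (!found) continue         # this line belongs to another host
            seen[N[i]] = 1
            for (j = 1; j <= nh; j++) has[N[i], H[j]] = 1
        }
    }
    END {
        for (i = 1; i <= nn; i++) {
            if (!seen[N[i]]) { print N[i] ": no entry"; bad = 1; continue }
            for (k = 1; k <= nl; k++)
                if (!((N[i], L[k]) in has)) { print N[i] ": missing " L[k]; bad = 1 }
        }
        exit bad + 0
    }' "$1"
}

# Constructed sample (keys are fake): the nodeeast line lacks logical2.
sample_known_hosts() {
    cat <<'EOF'
nodewest,163.194.0.245,163.194.0.246,logical1,163.194.0.247,logical2 ssh-rsa AAAAfakewest= root@nodewest
nodeeast,163.194.0.244,163.194.0.246,logical1,163.194.0.247 ssh-rsa AAAAfakeeast= root@nodeeast
EOF
}

sample_known_hosts | check_logical_coverage - "nodewest nodeeast" "logical1 logical2" \
    || echo "known_hosts does not cover every logical name on every node"
```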
For a Failover User Requiring Automatic Authentication
1. On one host, create the SSH environment.
# cd ~failoveruser
# mkdir .ssh
# cd .ssh
2. Generate an RSA private/public key pair.
# ssh-keygen -t rsa -f ./id_rsa
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase): (enter)
Enter same passphrase again: (enter)
Your identification has been saved in /usr/acct/ccisys/.ssh/id_rsa.
Your public key has been saved in /usr/acct/ccisys/.ssh/id_rsa.pub.
The key fingerprint is:
3a:f6:XX:XX:XX:a6:6e:a0:b3:79:d3:15:XX:XX:XX:XX root@nodewest
3. Make the public key able to authenticate.
# cp id_rsa.pub authorized_keys
4. Copy the /etc/ssh/ssh_known_hosts file to known_hosts.
# cp /etc/ssh/ssh_known_hosts ./known_hosts
5. Change the owner of .ssh.
# cd ~failoveruser
# chown -R failoveruser .ssh
6. Replicate all these files to the other node.
# scp -rp .ssh failoveruser@nodeeast:
7. If the user is on a failover mount point, make sure that you create the directory structure for that user on both servers (i.e. under the mount) so that authentication will always work.